Skip to Content

Job Snapshot

Employee Type - Full-Time EmployeeExperience - Not SpecifiedIndustries - Management


About the company:

Our client works in banking industry.


Job Summary:

Global Information & Technology Risk Management department of our client, takes care of Information Security matters. Their mandate is to provide sound governance and guidance on information security risk and to provide critical services central to protecting the Bank against cyber threats. The core principle of Information Security is to protect the confidentiality, integrity, and availability of information. GITRM achieves this through the development and implementation of strategies, investment plans, services and solutions that support and enable BMO lines of business to operate securely in an increasingly connected global environment.


Responsibilites :

  • Setting and driving adoption of the overall strategy for information security risk, including cyber security, for the Bank
  • Establishing and providing governance over the policies, standards, and directives that guide the lines of business in protecting their information assets within the boundaries of their risk appetite
  • Delivering enterprise solutions and services that support the cyber security strategy in a timely and cost effective manner

They are looking for a Senior Manager (Customer Identity & Access Management Security and Payments Security). The role will be a key member of the Enterprise Security Strategy and Architecture team and will review enterprise Customer Identity and Access Management (CIAM) related initiatives as well as the resiliency of Wholesale Payment Systems. The role will collaborate with technology, business and other Information Security teams to ensure the selected capabilities address the threat landscape, improve customer experience and integrate effectively in the BMO environment.

  • Core: Maintain the principles, standards and guidelines focusing on establishing security controls and architecture for all in-scope applications.
  • Inventory and scope: Work with business to understand current controls for applications; understand current control deficiencies for applications, understand the interfaces and data flows for these applications, etc.
  • Security requirements for product selection: Establish product evaluation criteria and help screen or perform due diligence on potential products to be used for CIAM & Payments Security initiatives.
  • Education: Computer Science, Engineering, Information Systems.
  • Background: Broad technical and system-level expertise in one or more areas in information security, at a minimum including Security assessments / reviews, risk analysis, application security, etc.


  1. Manage a Team of Information Security Analysts/Specialists
  • Hire, train, mentor, coach and maintain a staff of employees and contractors to complete security analysis and reviews for the CIAM and Payments Security initiatives.
  • Resource Management - Addressing any access issues of staff; on-boarding / off-boarding; re-assignments; Vacation / Back-ups; etc.
  • Performance Monitoring - Coordinate and discuss performance / productivity feedback for resources with leader of the CIAM and Payments Security team
  • Level 1 Escalation - Ensuring any slippages are escalated and disagreements with stakeholders are resolved before it reaches the leader of the CIAM and Payments Security team
  • Analyze and present key risks for management decision, escalation or acceptance
  • Management Reporting - Consolidate and report initiative status for management and other stakeholders
  • Conduct awareness events within the bank targeting business and technology stakeholders to elaborate on the security aspects of CIAM and Payment Systems


  1. Perform People Management Responsibilities, Consistent with General Direction and Strategies Provided at the Enterprise and Divisional Levels
  • Talent Review
  • Incentive Pay and Annual Compensation
  • Pulse / Annual Employee Survey
  • Career development and myPerformance process
  • Rewards and Recognition
  • Build team capabilities and redundancies for critical functions
  • Provide strong leadership, coaching and guidance to a multi-disciplinary, professional team of employees



  1. Perform Responsibilities as a Member of the Senior Management Team of GITRM
  • Identifies risks or issues with technology solution & design which may impact realization of project benefits and provide guidance and support to stakeholders in making good decisions to pro-actively resolve or mitigate potential risks/delays to the project.
  • Provide guidance and counsel to LOB’s and projects to ensure alignment to the relevant information security governance programs
  • Proactively identifies and implements strategies to improve reliability, leveraging automation wherever possible
  • Owns and maintains security standards and procedures
  • Exemplify One Bank behaviour and collaborate with various teams to make success look simple.

  1. Reporting
  • Provide timely input to management regarding accomplishments as well as outstanding issues
  • Leverage metrics and analytics to gain insight for planning, design and management to facilitate the identification of improvement opportunities
  • Build and maintain reports for Executive management in order to communicate IS risks as it relates to Operating Groups / Legal Entities

  1. Become an Advocate for GITRM and Recommend Improvements to CIAM Security, Payments Security and other GITRM/Bank Processes
  • Provide innovative ideas and identify improvement opportunities in the CIAM Standards and Control Operating Procedures, Payments Security requirements and identify procedures to increase effectiveness and efficiency.
  • Ensure that all stakeholders understand why the process will benefit everyone when completed collaboratively. Be able to explain the risks and importance of our process in mitigating IS related risks.
  • Exemplify Being BMO behaviors and adhere to the professional expectations of the job.


  1. Knowledge
  • In depth knowledge of Information Security risk, ITGC Controls, and industry best practices with a minimum of 10 years relevant experience
  • Advanced understanding of a risk based assessment approach
  • Good knowledge of the technical areas such as data warehouses and databases, mainframes, operating systems, networks, applications, cloud computing, mobile technology, etc.
  • Sufficient business knowledge to assess impact of applied technology on customer’s business processes
  • Expert knowledge of industry standards on Policies, Standards, and operating procedures relating to information security risk
  • Information Security certification is desired (e.g. CISSP, GIAC, etc.).

  1. Skills
  • Possesses a deep understanding and problem solving ability of Information Technology of various scale, degree and dimension of complexity
  • Must be passionate about Information Security and like working in a dynamic environment
  • Likes to analyze business problems and build solutions that improve security and create remarkable customer experience
  • Stays abreast of industry technical and business trends through participation in professional associations, practice communities & individual learning
  • Experience engaging business, technology and security leaders and subject matter experts and an ability to influence stakeholders
  • Ability to review technical work
  • Effectively resolves and follows-up on problems as they occur.
  • Analyzes trends to proactively prevent problems
  • Possess good consulting skills
  • Possess advanced analytic skills
  • Highly developed communication skills, both verbal and written
  • Demonstrate strong relationship management skills
  • Possess solid negotiation / mediation skills
  • Possess good Project Management skills
  • Excellent time management skills

Employee Status:



Yes, 10 % of the Time

Job Level:

Non-Customer Facing - People Manager

Please send your email to: [Click Here to Email Your Resumé]

Submit your email address to begin the application process for the Senior Manager Payment security job
Email is invalid Email address is needed